Sender: |
|
Subject: |
|
From: |
|
Date: |
Wed, 11 Jul 2012 14:51:57 -0500 |
Comments: |
|
Reply-To: |
|
Parts/Attachments: |
|
|
Synopsis: Important: openjpeg security update
Issue Date: 2012-07-11
CVE Numbers: CVE-2009-5030
CVE-2012-3358
OpenJPEG is an open source library for reading and writing image files in
JPEG 2000 format.
An input validation flaw, leading to a heap-based buffer overflow, was
found in the way OpenJPEG handled the tile number and size in an image tile
header. A remote attacker could provide a specially-crafted image file
that, when decoded using an application linked against OpenJPEG, would
cause the application to crash or, potentially, execute arbitrary code with
the privileges of the user running the application. (CVE-2012-3358)
OpenJPEG allocated insufficient memory when encoding JPEG 2000 files from
input images that have certain color depths. A remote attacker could
provide a specially-crafted image file that, when opened in an application
linked against OpenJPEG (such as image_to_j2k), would cause the application
to crash or, potentially, execute arbitrary code with the privileges of the
user running the application. (CVE-2009-5030)
Users of OpenJPEG should upgrade to these updated packages, which contain
patches to correct these issues. All running applications using OpenJPEG
must be restarted for the update to take effect.
SL6:
i386
openjpeg-1.3-8.el6_3.i686.rpm
openjpeg-debuginfo-1.3-8.el6_3.i686.rpm
openjpeg-devel-1.3-8.el6_3.i686.rpm
openjpeg-libs-1.3-8.el6_3.i686.rpm
x86_64
openjpeg-1.3-8.el6_3.x86_64.rpm
openjpeg-debuginfo-1.3-8.el6_3.i686.rpm
openjpeg-debuginfo-1.3-8.el6_3.x86_64.rpm
openjpeg-devel-1.3-8.el6_3.i686.rpm
openjpeg-devel-1.3-8.el6_3.x86_64.rpm
openjpeg-libs-1.3-8.el6_3.i686.rpm
openjpeg-libs-1.3-8.el6_3.x86_64.rpm
- Scientific Linux Development Team
|
|
|